Kim Olsen

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 4.1.2 Red Hat Enterprise Linux (affected versions not specified) CentOS (affected versions not specified) ALT Linux (affected versions not specified) **Description** The issue is related to the handling of invalid group names in the winbind name list to sid string list function, which can allow remote authenticated users to bypass access restrictions. This can lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerability exists due to the acceptance of authentication by any user when there is a mistake in the pam winbind configuration file. **Recommendations** For Samba versions prior to 4.1.2: Update to a version later than 4.1.2 to resolve the issue. For Red Hat Enterprise Linux: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For CentOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For ALT Linux: At the moment, there is no information about a newer version that contains a fix for this vulnerability.